Review #28: Private Internet Access (PIA) VPN

Hello 2017! The first full weekend of 2017 gives me an opportunity to put my thoughts to words once again. Considering that security and privacy were a highlight in 2016, I thought it best to start 2017 with a review of my current VPN service provider.

I have been subscribed to VPN services for over half a decade and have been constantly switching service providers every year without fail. The primary reason has always been the immense loss of speed I have been subjected to when using OpenVPN, especially when using servers at a great distance from my country (India). The other "not too unsubstantial" reason is the pricing which is always in USD and comes at a significant cost when your local currency happens to be INR. However, things have improved on both these fronts over the years. Server choices have improved over time and there are great discounts on offer during Black Friday. This means that I am now able to connect to more servers at a cost lower than what I paid 5 years ago.

While my trend of switching providers continues with my current choice, this is the first time I have returned to a service that I have used previously. PIA has always been a popular choice but my experience the first time around was not great. The speeds were not that great and there were no local servers available. However, the speed test on their site came back with impressive numbers and the Black Friday offer of $29.95 for a year's subscription seemed too good to pass. The default data encryption offered on all clients is AES-128 in CBC mode, though it can be stepped up to AES-256 if security is more of a priority over speed. Since I value speed a lot more when using the VPN, I have till now stuck with AES-128. But as you will see, the results of my tests have now made me change my mind. PIA is also known to not keep any logs and has a good track record as far as privacy is concerned.

For my testing, I focussed on speeds alone since I have taken the security for granted on the basis of the claims and feedback linked to in the previous paragraph. The testing procedure went as follows:
  1. I used the website or app with the same server (based on geographical proximity to my direct connection) for the speed tests
  2. I used the official PIA apps wherever possible. However, at the time of this writing, the PIA app failed to connect to any servers on iOS 10.2 and hence I used the OpenVPN Connect app as an alternative.
  3. I made it a point to select all the countries listed by PIA when using the official apps. In case of multiple servers in a country (US, UK, Canada), I selected the one which seemed geographically closer. For the router test, I used the configurations already stored on it since switching servers is more time consuming.
The point of running it across multiple devices was not to compare them, but to observe the consistency of the performance, especially as I ran the test on each platform at different times and on different servers, but on the same 10 Mbps fixed line network. As you can very well see, the performance is anything but consistent. It gives an idea of the variability in speed that one can expect when using a server. Also, the high pings make it incapable of being used in a time-sensitive setting. True to expectations, it is the locally situated server that comes close to providing a good experience, though the French server seems to be a good alternative. On the other end of the spectrum, the server in New Zealand is of no utility at all.

Next, I decided to run the tests on a faster 4G LTE cellular network that usually hangs around the 20 Mbps mark. The higher speed compared to my fixed line was bound to provide greater fidelity in the data. It ended up rejigging the speed order once again but is another indication of the inconsistency and limited server choices available if speed is the main criterion.

By default, all the PIA clients and configuration files are set to operate with AES-128 data encryption in CBC Mode. Apparently, the stronger encryption sacrifices speed for better security. However, this time, contrary to expectations as well as suggestions made by PIA, it was the stronger encryption that yielded better speed results throughout.

I have been using the Asus AC68U router for well over a year and it is simply faultless with the AsusWRT Merlin firmware. PIA also has a dedicated guide for it which makes it a breeze to set it up. The setup is for AES-128 in CBC mode and while there doesn't seem to be a separate guide for setting the router up with AES-256 in CBC Mode, it wasn't too difficult. Based on the settings mentioned on their site, I was able to get the stronger encryption working by changing the 'Encryption cipher' value to 'AES-256-CBC', adding the 4096-bit Root CA and including the following in 'Custom Configuration' from the .ovpn file.

# HMAC digest used to authenticate packets
auth sha256
# minimal log output
verb 1
# 0 disables the periodic (time-based) renegotiation of the data channel key
reneg-sec 0

However, router hardware is more limited and running OpenVPN on it is taxing to say the least, especially at higher encryption levels. At the same time, it is essential as it allows dumber devices like Smart TVs and Chromecasts to bypass geographical restrictions and keeps the device count in check. I also have L2TP configurations saved for the same locations in case OpenVPN proves a bridge too far. The results yet again indicate that the strongest encryption mode is also the fastest. This comes at a higher processing cost for the router but it is nothing that will choke it up.
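
As an added example (not part of the original post and not PIA's own tooling), this Python check reads an OpenVPN profile and reports whether the cipher and auth values described above are actually in place, and whether reneg-sec 0 is set. The two sample profiles and the names parse_profile and audit are constructed for illustration.

```python
import shlex

# Values the post sets for the stronger profile.
EXPECTED = {"cipher": "AES-256-CBC", "auth": "SHA256"}

# Constructed sample profiles (not PIA's actual files); certificate body is a placeholder.
DEFAULT = "client\ncipher aes-128-cbc\nca ca.crt\n"
STRONG = """client
cipher aes-256-cbc
auth sha256
verb 1
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

def parse_profile(text):
    """Map each directive to its arguments, skipping comments and inline <block> bodies."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                  # inside <ca>...</ca> or similar
            if line == f"</{block}>":
                block = None
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            directives[block] = ["[inline]"]
        elif line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)   # drops trailing '# ...'
            if parts:
                directives[parts[0]] = parts[1:]
    return directives

def audit(text):
    """Return findings where the profile differs from the post's stronger settings."""
    d = parse_profile(text)
    findings = []
    for key, want in EXPECTED.items():
        got = (d.get(key) or ["(unset)"])[0]
        if got.upper() != want:
            findings.append(f"{key}: {got}, expected {want}")
    if d.get("reneg-sec") == ["0"]:
        findings.append("reneg-sec 0: periodic key renegotiation disabled")
    if "ca" not in d:
        findings.append("ca: no CA certificate configured")
    return findings
```

Calling audit() on the text of an exported profile returns an empty list only when the cipher and digest match, a CA is present and renegotiation is left enabled.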

To sum it up, the performance with PIA is literally a mixed bag. If privacy is the driving factor, then using the closest geographical server 24x7 seems to be a good bet as the speed difference is not too significant, though the latency is higher by a factor of 10. Bypassing geographical restrictions for browsing shouldn't be much of a problem as France, Germany, Finland and Sweden offer good speeds. Video streaming from the US is not much of an option, though it is possible to stream just fine from the UK. On a 10 Mbps line, it is just about possible to watch HD streams with infrequent buffering. But PIA servers are already blocked across geographies as far as Netflix and Amazon are concerned. iPlayer still seems to work but tends to throw out errors every now and then.

On the positive side, it is easy to set up, works well on all the platforms that I use (Linux included) and the speed is good. I have interacted with their customer service and they are well informed while also being quick to reply. However, for me the biggest draw is the value for money. Since I am paying in USD as a foreign currency and don’t use a VPN unless I am on a public network or connecting to unknown websites/IP addresses, spending anything above $30 would certainly be overkill. My recommendation for PIA goes out only on the basis of price as I believe only more expensive VPNs will be capable of providing the speeds and options that one may need on a regular basis.